Evidence of Chinese cyber-espionage against the US has been uncovered on the eve of an important Sino-US presidential summit.
The "Scanbox" malware – used by nation-state threat actors associated with or sponsored by the Chinese government – has been discovered embedded on webpages on the US National Foreign Trade Council (NFTC) site, Fidelis Cybersecurity reports.
The possible cyber-espionage was found ahead of President Trump's meeting with Chinese President Xi Jinping taking place on Thursday and Friday. Items on the agenda are likely to include North Korea, trade and the use of chemical weapons against civilians in Syria.
Fidelis researchers also discovered a similar threat campaign involving a site masquerading as that of the Ministry of Foreign Affairs of Japan.
Hardik Modi, vice president, Threat at Fidelis Cybersecurity, comments: "The motive is most likely to be intelligence collection and although it's impossible to determine specifically how this information will be used, it could empower the Chinese government to steer negotiations in its favour. While this is classic inter-government espionage, it should be noted that we observed it spilling into the private sector and that the same actors have been observed impacting private enterprise in the UK and Japan.
"The information accessed by the threat actors, coupled with targeted phishing campaigns, could be used to prepare the Chinese President for today’s discussions."
The Operation TradeSecret campaign – even if it's linked to China – is unlikely to violate the Obama-Xi Jinping no-hacking agreement of 2015. The 2015 agreement only covered hacking geared towards the theft of trade secrets rather than inter-government snooping, which has always been considered fair game.